From: Changqing Li <changqing.li@windriver.com>
To: Richard Purdie <richard.purdie@linuxfoundation.org>,
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [V3][PATCH] rpm: fix CVE-2021-3521
Date: Tue, 4 Jan 2022 09:48:24 +0800 [thread overview]
Message-ID: <5119f0f4-ccf3-60c6-8d35-b301a0f8a499@windriver.com> (raw)
In-Reply-To: <6d4b04f6048055fe85d131679cbfcfda33a97035.camel@linuxfoundation.org>
On 12/31/21 11:38 PM, Richard Purdie wrote:
> [Please note: This e-mail is from an EXTERNAL e-mail address]
>
> On Fri, 2021-12-31 at 10:21 +0800, Changqing Li wrote:
>> From: Changqing Li <changqing.li@windriver.com>
>>
>> Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> ---
>> .../rpm/files/0001-CVE-2021-3521.patch | 57 +++
>> .../rpm/files/0002-CVE-2021-3521.patch | 64 ++++
>> .../rpm/files/0003-CVE-2021-3521.patch | 329 ++++++++++++++++++
>> meta/recipes-devtools/rpm/rpm_4.17.0.bb | 3 +
>> 4 files changed, 453 insertions(+)
>> create mode 100644 meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
>> create mode 100644 meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
>> create mode 100644 meta/recipes-devtools/rpm/files/0003-CVE-2021-3521.patch
>>
>> diff --git a/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
>> new file mode 100644
>> index 0000000000..b374583017
>> --- /dev/null
>> +++ b/meta/recipes-devtools/rpm/files/0001-CVE-2021-3521.patch
>> @@ -0,0 +1,57 @@
>> +From 9a6871126f472feea057d5f803505ec8cc78f083 Mon Sep 17 00:00:00 2001
>> +From: Panu Matilainen <pmatilai@redhat.com>
>> +Date: Thu, 30 Sep 2021 09:56:20 +0300
>> +Subject: [PATCH 1/3] Refactor pgpDigParams construction to helper function
>> +
>> +No functional changes, just to reduce code duplication and needed by
>> +the following commits.
>> +
>> +CVE: CVE-2021-3521
>> +Upstream-Status: Backport[https://github.com/rpm-software-management/rpm/commit/9f03f42e2]
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + rpmio/rpmpgp.c | 13 +++++++++----
>> + 1 file changed, 9 insertions(+), 4 deletions(-)
>> +
>> +diff --git a/rpmio/rpmpgp.c b/rpmio/rpmpgp.c
>> +index d0688ebe9a..e472b5320f 100644
>> +--- a/rpmio/rpmpgp.c
>> ++++ b/rpmio/rpmpgp.c
>> +@@ -1041,6 +1041,13 @@ unsigned int pgpDigParamsAlgo(pgpDigParams digp, unsigned int algotype)
>> + return algo;
>> + }
>> +
>> ++static pgpDigParams pgpDigParamsNew(uint8_t tag)
>> ++{
>> ++ pgpDigParams digp = xcalloc(1, sizeof(*digp));
>> ++ digp->tag = tag;
>> ++ return digp;
>> ++}
>> ++
>> + int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
>> + pgpDigParams * ret)
>> + {
>> +@@ -1058,8 +1065,7 @@ int pgpPrtParams(const uint8_t * pkts, size_t pktlen, unsigned int pkttype,
>> + if (pkttype && pkt.tag != pkttype) {
>> + break;
>> + } else {
>> +- digp = xcalloc(1, sizeof(*digp));
>> +- digp->tag = pkt.tag;
>> ++ digp = pgpDigParamsNew(pkt.tag);
>> + }
>> + }
>> +
>> +@@ -1105,8 +1111,7 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
>> + digps = xrealloc(digps, alloced * sizeof(*digps));
>> + }
>> +
>> +- digps[count] = xcalloc(1, sizeof(**digps));
>> +- digps[count]->tag = PGPTAG_PUBLIC_SUBKEY;
>> ++ digps[count] = pgpDigParamsNew(PGPTAG_PUBLIC_SUBKEY);
>> + /* Copy UID from main key to subkey */
>> + digps[count]->userid = xstrdup(mainkey->userid);
>> +
>> +--
>> +2.17.1
>> +
>> diff --git a/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
>> new file mode 100644
>> index 0000000000..b93a1d5404
>> --- /dev/null
>> +++ b/meta/recipes-devtools/rpm/files/0002-CVE-2021-3521.patch
>> @@ -0,0 +1,64 @@
>> +From c4b1bee51bbdd732b94b431a951481af99117703 Mon Sep 17 00:00:00 2001
>> +From: Panu Matilainen <pmatilai@redhat.com>
>> +Date: Thu, 30 Sep 2021 09:51:10 +0300
>> +Subject: [PATCH 2/3] Process MPI's from all kinds of signatures
>> +
>> +No immediate effect but needed by the following commits.
>> +
>> +CVE: CVE-2021-3521
>> +Upstream-Status: Backport[https://github.com/rpm-software-management/rpm/commit/b5e8bc74b]
>> +
> The new tests also trigger for the missing space above after Backport. It does
> make me wonder why you don't see those test failures. I've tweaked the patches
> in master-next to fix this.
Thanks.
I don't receive mail about the failure, seems the patchwork is not working.
Regards
Changqing
> Cheers,
>
> Richard
>
next prev parent reply other threads:[~2022-01-04 1:48 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-31 2:21 [V3][PATCH] rpm: fix CVE-2021-3521 changqing.li
2021-12-31 15:38 ` [OE-core] " Richard Purdie
2022-01-04 1:48 ` Changqing Li [this message]
2022-01-04 9:31 ` Richard Purdie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5119f0f4-ccf3-60c6-8d35-b301a0f8a499@windriver.com \
--to=changqing.li@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=richard.purdie@linuxfoundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox